Jul 10

Check out the Video Companion for Volume 2 for several hours of added content. Join Keith Barker and me, Anthony Sequeira, as we walk you through our CCIE-level approaches to the new Trouble Tickets of the Volume 2 workbook.

Enjoy!

Jul 08

The following video from Cisco provides us with a tour of the new, “paperless” format of the CCIE R&S Version 4 Lab Exam.

Version 4 Lab Exam Interface

Update: Link corrected, thanks.

Jul 07

RFCs, or Requests for Comments, are published documents that describe various aspects of computer networking. Generally, they are memoranda published by the Internet Engineering Task Force (IETF).

RFCs can be a great resource. For some unknown reason, most candidates preparing for the CCIE don't take the time to review these documents, which can be very helpful in understanding the how and why of various networking components. Perhaps the language is a bit dry, or they prefer books with shiny covers.


There are a variety of status classifications. These include, but are not limited to: Standards Track, Informational, and Best Current Practice. Some are very serious discussions of the deep inner workings of a protocol, while others are there purely for entertainment, such as RFC 1149 and RFC 2549.

If you aren't sure whether an RFC is intended to be serious or entertainment, check the date. If it is dated 1 April of any year, it most likely falls into the category of entertainment.

http://www.rfc-archive.org/1+april+rfc.php

RFCs use a fixed vocabulary to state how strictly a requirement applies. RFC 2119 defines these key words, which are written in capitals: MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, OPTIONAL. The distinction matters when reading a vendor's compliance claims: a device can be "compliant" while ignoring every SHOULD.

RFCs are not a "magic bullet" for lab preparation, but most students who are familiar with the RFCs tend to be more comfortable with the technologies they describe.

RFCs can be viewed online at a number of sites, including the following:

http://www.ietf.org/rfc.html

http://www.rfc-editor.org/

Most search engines will also give you results for RFCs by number or topic.

Quick quiz.

Four questions on RFCs that most people are generally familiar with. Questions are True or False, and the answers can be found fairly quickly, if you know where to look.

T or F
RFC 3330, which describes Special Use IPv4 Addresses, is obsolete.

T or F
RFC 1812, which discusses requirements for IPv4 Routers, states that subnet bits MUST be contiguous.

T or F
RFC 2827 discusses ingress filtering mechanisms, including the effects of multihoming.

T or F
RFC 1918 does not address security issues.

How did you do? Two of these are true and two are false. If you got all four correct, congratulations. If you’ve never heard of these RFCs, perhaps it is time to do some additional reading.

Bonus Question:

True or False:
Neither Cisco nor Juniper devices are compliant with RFC 5841.

Jul 02

The best-selling Volume 2 practice lab workbook from INE has been updated with new, 2-hour Troubleshooting sections that mirror the actual Cisco Lab Exam. Labs 1 through 3 are published now to member accounts. More are on the way!

Do you want to watch Keith Barker solve the Lab 1 TS section? Check out the updated Interactive Video Companion! I will be demonstrating my approach to Lab 2 in that product next week.

Enjoy the updates everyone, and as always, thank you so much for choosing INE.

Jul 01

Try these questions on for size! Learn all this and much more in the new QoS class – woohoo!


1. Based on the following configuration, what traffic will be policed?

class-map C_MUSIC
  match protocol kazaa2
  match protocol napster
!
class-map match-any C_WEB
  match protocol http
  match class-map C_MUSIC
!
policy-map P_WEB
  class C_WEB
    police 64000
!
interface serial 0/0
  service-policy output P_WEB

A. All Kazaa version 2 traffic is policed

B. All Napster traffic is policed

C. All web traffic is policed

D. All Kazaa version 2, Napster, and web traffic is policed

E. No traffic is policed

Answer:

C

Explanation:

The C_MUSIC class-map does not specify the match-any or match-all option. The default is match-all. Therefore, for traffic to be classified in the C_MUSIC class-map, a packet would simultaneously have to be a Kazaa version 2 packet and a Napster packet, which isn’t possible.

The C_WEB class-map uses the match-any option, meaning that traffic will be classified in this class-map if it is HTTP traffic or if it is traffic that was classified in the C_MUSIC class-map. Since no traffic will be classified in the C_MUSIC class-map, as described above, the only traffic that will be classified by the C_WEB class-map is HTTP traffic.

The policy-map P_WEB is configured to police (i.e. rate limit) traffic classified by the C_WEB class-map to a bandwidth of 64 kbps. (NOTE: The default conform-action is transmit, and the default exceed-action is drop.) Since only HTTP (i.e. web) traffic is matched by the C_WEB class-map, web traffic is the only traffic that is policed.
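The match-all versus match-any evaluation described above, as an added Python model (this is not IOS code and is not from the original post): each class-map is a list of criteria, a nested match class-map is simply one more criterion, and the packet objects and protocol names are constructed for the example. It also evaluates what the configuration was presumably meant to be (an assumption), C_MUSIC as match-any, so the two outcomes can be compared side by side.

```python
"""Evaluate Cisco-style class-maps: match-all vs match-any, with nesting.

Added illustration, not IOS code. A packet is modelled as a dict with a
single 'protocol' key (what NBAR would have identified); the class-map
names come from the question, the packets are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class ClassMap:
    name: str
    match_any: bool = False                          # IOS default is match-all
    protocols: list = field(default_factory=list)    # "match protocol ..." lines
    class_maps: list = field(default_factory=list)   # "match class-map ..." lines


def matches(cm, packet, table):
    """True if packet matches class-map cm.

    Every match statement is one criterion. match-all requires all of them
    to be true, match-any requires at least one. A class-map with no
    criteria matches nothing.
    """
    results = [packet["protocol"] == p for p in cm.protocols]
    results += [matches(table[name], packet, table) for name in cm.class_maps]
    if not results:
        return False
    return any(results) if cm.match_any else all(results)


def policed_protocols(table, policy_class, packets):
    """Sorted protocols of the packets that land in policy_class (the policed class)."""
    cm = table[policy_class]
    return sorted({p["protocol"] for p in packets if matches(cm, p, table)})


# Class-maps exactly as configured in question 1: C_MUSIC has no keyword,
# so it is match-all, and a packet cannot be kazaa2 AND napster at once.
CLASS_MAPS = {
    "C_MUSIC": ClassMap("C_MUSIC", match_any=False, protocols=["kazaa2", "napster"]),
    "C_WEB": ClassMap("C_WEB", match_any=True, protocols=["http"], class_maps=["C_MUSIC"]),
}

# Assumed intent: C_MUSIC as match-any, so either protocol is caught.
FIXED_CLASS_MAPS = {
    "C_MUSIC": ClassMap("C_MUSIC", match_any=True, protocols=["kazaa2", "napster"]),
    "C_WEB": ClassMap("C_WEB", match_any=True, protocols=["http"], class_maps=["C_MUSIC"]),
}

# Constructed sample traffic, one packet per protocol; dns is the control case.
PACKETS = [{"protocol": p} for p in ("kazaa2", "napster", "http", "dns")]

if __name__ == "__main__":
    print("as configured: ", policed_protocols(CLASS_MAPS, "C_WEB", PACKETS))
    print("match-any C_MUSIC:", policed_protocols(FIXED_CLASS_MAPS, "C_WEB", PACKETS))
```

The model makes the failure mode visible: as configured only HTTP is policed, and the peer-to-peer traffic the C_MUSIC class was written for passes through unlimited. The same mistake in a class-map used for a drop or filtering policy silently turns a block into a no-op, which is why a class with several mutually exclusive protocol matches should always carry an explicit match-any.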

2. You are configuring a Cisco Catalyst 3560 switch port to trust CoS markings if, and only if, the marking originated from a Cisco IP Phone. In an attempt to perform this configuration, you enter the mls qos trust device cisco-phone command. However, your configuration does not seem to be working properly. Why is the switch not trusting CoS markings coming from an attached Cisco IP Phone?

A. A Cisco Catalyst 2950 switch supports the mls qos trust device cisco-phone command, but the Cisco Catalyst 3560 does not support this command

B. The mls qos trust cos command is missing

C. The mls qos trust extend command is missing

D. The mls qos cos 5 command is missing

E. The PC attached to the phone is overriding the CoS markings

Answer:

B

Explanation:

A Cisco Catalyst 3560 switch port can be configured to trust Class of Service (CoS) markings, Differentiated Services Code Point (DSCP) markings, or to trust markings only when they originate from a Cisco IP Phone. The switch detects the attached Cisco IP Phone via the Cisco Discovery Protocol (CDP). The mls qos trust device cisco-phone command does tell the switch to trust a marking if, and only if, a Cisco IP Phone is detected on the port. However, by itself that command does not tell the switch port which marking (CoS or DSCP) from the phone to trust, so the mls qos trust cos command is also required. Keep in mind that the trust decision keys on CDP, so the phone port is a trust boundary: frames from a PC daisy-chained behind the phone are re-marked by the phone (CoS 0 by default) unless the phone has been told to extend trust to the PC.

3. You administer a network that transports both voice and interactive video traffic. Since these traffic types are both latency-sensitive, you decide to implement the following configuration. Which statement is true regarding the configuration?

class-map C_VOICE
  match protocol rtp audio
!
class-map C_VIDEO
  match protocol rtp video
!
policy-map P_HIGH_PRIORITY
  class C_VOICE
    priority percent 15
  class C_VIDEO
    priority percent 35
  class class-default
    fair-queue
!
interface serial 0/0
  service-policy output P_HIGH_PRIORITY

A. The configuration results in three queues, one for the C_VOICE class, one for the C_VIDEO class, and one queue for the class-default class

B. The configuration results in two queues, one priority queue and one queue for the class-default class

C. The class-default class uses FIFO as its queuing mechanism for traffic flows within its queue

D. The two priority queues use WFQ for queuing traffic within those queues

Answer:

B

Explanation:

While priority treatment (i.e. LLQ treatment) can be assigned to more than one class-map, an interface only has one priority queue. Therefore, in the above configuration, traffic classified in the C_VOICE and C_VIDEO class-maps shares the same priority queue. A second queue contains traffic classified in the class-default class-map. Therefore, the configuration only results in two queues, one shared priority queue and one queue for the class-default class. On most models of routers, only the class-default queue can be configured to use WFQ queuing for flows within the queue, while other queues use FIFO queuing for traffic within those queues.

4. CB-WRED is configured using the random-detect command. Which two of the following statements are true concerning the random-detect command? (Choose 2)

A. The random-detect command cannot be issued for the class-default class.

B. The random-detect command cannot be issued for the priority class(es).

C. The random-detect command must be issued in conjunction with the bandwidth command (with the exception of the class-default class).

D. The random-detect command should be issued in conjunction with the priority command.

Answer:

B, C

Explanation:

Weighted Random Early Detection (WRED) is effective for TCP flows because a dropped segment causes the affected TCP sender to shrink its congestion window, which spreads the slow-down across flows and avoids the global synchronization that tail drop produces. (It does nothing useful for UDP flows, which do not react to loss.) When configuring class-based WRED (i.e. CB-WRED), the random-detect command is issued in policy-map-class configuration mode. While the random-detect command can be used with the class-default class, random-detect cannot be issued in policy-map-class configuration mode for a class configured with the priority keyword. Also, with the exception of the class-default class, the random-detect command must be issued along with the bandwidth command.

5. Consider the following configuration:

class-map TRANSACTIONAL
  match protocol http
!
policy-map CBPOLICING
  class TRANSACTIONAL
    police 128000 conform-action set-dscp-transmit af11 exceed-action set-dscp-transmit af13 violate-action drop
!
interface serial 0/1
  service-policy input CBPOLICING

What type of class-based policing configuration is represented by this configuration?

A. Single rate, single bucket

B. Single rate, dual bucket

C. Dual rate, single bucket

D. Dual rate, dual bucket

Answer:

B

Explanation:

Cisco IOS supports single rate, single bucket; single rate, dual bucket; and dual rate, dual bucket policers. With a single rate policer, only a committed information rate (CIR) is specified, as in this question. With a dual rate policer, both a CIR and a peak information rate (PIR) are specified. Also, a single rate policer is a single bucket policer, unless the violate action is specified. If the violate action is specified, as it is in this question, the single rate policer uses two buckets, a Bc bucket and a Be bucket. However, a dual rate policer always uses two buckets, one bucket to transmit traffic at the CIR and one bucket to transmit traffic at the PIR.
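A single-rate policer modelled in Python, as an added example that is not IOS code and not from the original post. Both buckets refill at the CIR, tokens that overflow the Bc bucket spill into the Be bucket, and setting Be to zero gives the single-bucket conform/exceed form. The CIR of 128000 bps comes from the question; Bc = Be = 4000 bytes and the packet burst are assumed values chosen for the illustration, not IOS defaults.

```python
"""Single-rate policer with one or two token buckets, modelling IOS
class-based policing (added illustration, not IOS code).

cir is in bits per second, bc and be in bytes. Both buckets refill at the
CIR; overflow from the Bc bucket spills into the Be bucket (RFC 2697
single-rate three-colour marker semantics). With be=0 the policer is the
single-bucket form and only conform/exceed verdicts exist.
"""


class SingleRatePolicer:
    def __init__(self, cir_bps, bc_bytes, be_bytes=0):
        self.cir = cir_bps
        self.bc = bc_bytes
        self.be = be_bytes
        self.tc = bc_bytes        # committed bucket starts full
        self.te = be_bytes        # excess bucket starts full
        self.last = 0.0           # time of the previous refill, seconds

    def _refill(self, now):
        earned = (now - self.last) * self.cir / 8   # bytes earned since last packet
        self.last = now
        self.tc += earned
        if self.tc > self.bc:                        # overflow spills into Be
            self.te = min(self.be, self.te + (self.tc - self.bc))
            self.tc = self.bc

    def police(self, now, size):
        """Verdict for a packet of size bytes arriving at time now."""
        self._refill(now)
        if self.tc >= size:
            self.tc -= size
            return "conform"
        if self.be == 0:                  # single bucket: nothing beyond exceed
            return "exceed"
        if self.te >= size:
            self.te -= size
            return "exceed"
        return "violate"


def run(policer, packets):
    """Apply the policer to (time_seconds, size_bytes) tuples; return verdicts."""
    return [policer.police(t, s) for t, s in packets]


# Constructed burst: ten 1000-byte packets back to back at t=0, then one more
# after a quarter second of silence. Assumed Bc = Be = 4000 bytes.
BURST = [(0.0, 1000)] * 10 + [(0.25, 1000)]

if __name__ == "__main__":
    print("single rate, dual bucket:  ", run(SingleRatePolicer(128000, 4000, 4000), BURST))
    print("single rate, single bucket:", run(SingleRatePolicer(128000, 4000), BURST))
```

Map the verdicts onto the question's actions: conform sets AF11, exceed sets AF13, violate drops. The first four packets fit the Bc bucket, the next four draw on Be and are re-marked rather than dropped, the last two of the burst are dropped, and after 0.25 s at 128 kbps the Bc bucket has earned exactly 4000 bytes again, so the trailing packet conforms. With the single bucket the same burst produces six re-marked packets and no drops, which is the practical difference between the two forms.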

6. You configure CB-Shaping by issuing the command shape peak 8000 2000 2000. This configuration shapes to what peak rate?

A. 4000 bps

B. 8000 bps

C. 16000 bps

D. 32000 bps

Answer:

C

Explanation:

In the syntax, the 8000 represents the Committed Information Rate (CIR). The first 2000 is the Committed Burst (Bc), and the second 2000 is the Excess Burst (Be). When configuring CB-Shaping, you can either shape to “average” or shape to “peak.” When shaping to average, traffic rates don’t exceed the CIR. However, when shaping to peak, traffic rates can burst above the CIR, while some of that excess traffic could be dropped by the service provider. When shaping to peak, the peak shaping rate is calculated by the formula:

peak_rate = CIR * (1 + Be/Bc)

In this example: peak_rate = 8000 * (1 + 2000/2000) = 16,000 bps. Note that if the Bc and Be values are calculated by IOS rather than being statically configured, Bc will always equal Be, which means that the peak rate will be twice the CIR.

7. You are configuring Multilink PPP (MLP) as your Link Fragmentation and Interleaving (LFI) mechanism for a WAN link. Identify the correct statements regarding the configuration of MLP. (Choose 2)

A. The configuration of Multilink PPP requires at least two physical links (e.g. two serial interfaces)

B. The IP address is removed from any serial interface that makes up the MLP bundle

C. Any policy-map that was previously assigned to a physical interface should be reassigned to the multilink interface, that the physical interface is associated with, in order for the policy to take effect

D. The virtual multilink interface does not use an IP address. Rather, it uses the IP unnumbered feature which allows the multilink interface to share an IP address with the multilink bundle member that has the highest IP address

Answer:

B, C

Explanation:

Multilink PPP (MLP) is a Link Fragmentation and Interleaving (LFI) mechanism for PPP links. Interestingly, even though the term “multilink” is in the title of this mechanism, MLP can be configured on a single link. Specifically, a virtual multilink interface is created. Then, one or more physical interfaces are added as members of a multilink bundle, all of which act as the single multilink interface. As a result, the virtual multilink interface is assigned an IP address, while the one or more physical interface member(s) do not have an IP address. Additionally, since the packets are logically transmitted over the virtual multilink interface, in order to apply a policy-map to the traffic using the virtual interface, the service-policy command should be applied to the virtual multilink interface, as opposed to the member interfaces.

Jun 30

Summer was in full swing, and it was over 105 degrees Fahrenheit outside. Bob was told it was a "dry heat", but he thought "so is my oven". Needless to say, Bob was glad to be in the data center, where the temperature and humidity controls kept it very cold. He had been asked to set up a basic route-map with BGP, and here is the diagram he worked from.

BGP Triangle
The goal was to modify BGP so that all traffic going towards the 1.1.1.0 network (which is sourced from AS1), traveling either from or through AS23, would use only the 13.0.0.0/24 segment (between R3 and R1) and not the 10.0.0.0/24 segment (between R2 and R1) as a transit path.
Bob reviewed some of the BGP topics he had recently learned. Here is the list he made of possibilities:
R1 could prepend to the AS path when it advertises the 1.1.1.0/24 prefix to R2. This way, AS23 would see a better (shorter) path through R3 rather than R2. He tried this using the following on R1:

ip prefix-list JUST-1.1.1.0 seq 5 permit 1.1.1.0/24

route-map PRE-PEND permit 10
 match ip address prefix-list JUST-1.1.1.0
 set as-path prepend 1
route-map PRE-PEND permit 20

router bgp 1
 neighbor 10.0.0.2 route-map PRE-PEND out

Bob cleared the BGP session, just to be sure. Unfortunately, some traffic destined to 1.1.1.0 was still flowing over the 10.0.0.0 network between R2 and R1.

Bob decided to try another approach. Instead of having R1 make AS23 think the path over 10.0.0.0 was worse, perhaps he would have R3 make the path over 13.0.0.0 look better. He considered weight, but then realized that weight is local to the router and would only influence R3, not every other device in AS23. So Bob decided to use local-preference. On R3, he configured an inbound route-map so that when a BGP update for 1.1.1.0 came in from R1, R3 would set the local-preference to 250 for that prefix, in the hope that traffic destined for 1.1.1.0 would go exclusively through the 13.0.0.0 segment between R3 and R1. Unfortunately, even with this change, Bob noticed that traffic destined to 1.1.1.0 from or through AS23 still crossed the link between R2 and R1.

Below are the configurations for R1, R2 and R3 along with the relevant show commands.

Can you assist Bob? What can he do? What did he do wrong, if anything?

Post your ideas and comments below!

R1:

version 12.4
hostname R1
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-point

interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf 1 area 1

interface FastEthernet1/0
 ip address 13.0.0.1 255.255.255.0
 ip ospf 1 area 1

router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 10.0.0.2 remote-as 23
 neighbor 10.0.0.2 route-map PRE-PEND out
 neighbor 13.0.0.3 remote-as 23
 no auto-summary

ip prefix-list JUST-1.1.1.0 seq 5 permit 1.1.1.0/24

route-map PRE-PEND permit 10
 match ip address prefix-list JUST-1.1.1.0
 set as-path prepend 1

route-map PRE-PEND permit 20

R2:

version 12.4
hostname R2
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 ip ospf 1 area 1

interface FastEthernet0/1
 ip address 23.0.0.2 255.255.255.0
 ip ospf 1 area 1

router bgp 23
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 1
 neighbor 23.0.0.3 remote-as 23
 no auto-summary
!

R3:

version 12.4
hostname R3
interface FastEthernet0/0
 ip address 13.0.0.3 255.255.255.0
 ip ospf 1 area 1

interface FastEthernet0/1
 ip address 23.0.0.3 255.255.255.0
 ip ospf 1 area 1

router bgp 23
 no synchronization
 bgp log-neighbor-changes
 neighbor 13.0.0.1 remote-as 1
 neighbor 13.0.0.1 route-map SET-LOCAL-PREF in
 neighbor 23.0.0.2 remote-as 23
 no auto-summary

ip prefix-list LOCAL-PREF-250 seq 5 permit 1.1.1.0/24

route-map SET-LOCAL-PREF permit 10
 match ip address prefix-list LOCAL-PREF-250
 set local-preference 250

route-map SET-LOCAL-PREF permit 20

Show commands R1:

R1#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 2, main routing table version 2
1 network entries using 120 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 452 total bytes of memory
BGP activity 2/1 prefixes, 2/1 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.2        4    23      77      73        2    0    0 00:29:01        0
13.0.0.3        4    23      74      74        2    0    0 00:29:01        0

R1#show ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i

R1#show ip route | begin resort
Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
O       23.0.0.0 [110/2] via 13.0.0.3, 00:48:43, FastEthernet1/0
                 [110/2] via 10.0.0.2, 00:48:09, FastEthernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0
13.0.0.0/24 is subnetted, 1 subnets
C       13.0.0.0 is directly connected, FastEthernet1/0

Show commands R2:

R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 23
BGP table version is 14, main routing table version 14
1 network entries using 120 bytes of memory
2 path entries using 104 bytes of memory
3/1 BGP path/bestpath attribute entries using 372 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 676 total bytes of memory
BGP activity 1/0 prefixes, 4/2 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4     1      73      77       14    0    0 00:29:07        1
23.0.0.3        4    23      71      73       14    0    0 01:04:54        1

R2#show ip bgp
BGP table version is 14, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.0/24       13.0.0.1                 0    250      0 1 i
*                   10.0.0.1                 0             0 1 1 i

R2#show ip route | begin resort
Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
B       1.1.1.0 [200/0] via 13.0.0.1, 00:28:37
2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
C       23.0.0.0 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0
13.0.0.0/24 is subnetted, 1 subnets
O       13.0.0.0 [110/2] via 23.0.0.3, 00:48:16, FastEthernet0/1
                 [110/2] via 10.0.0.1, 00:49:19, FastEthernet0/0

Show commands R3:

R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 23
BGP table version is 6, main routing table version 6
1 network entries using 120 bytes of memory
1 path entries using 52 bytes of memory
3/1 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 600 total bytes of memory
BGP activity 1/0 prefixes, 5/4 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
13.0.0.1        4     1      74      74        6    0    0 00:29:09        1
23.0.0.2        4    23      73      71        6    0    0 01:04:56        0

R3#show ip bgp
BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       13.0.0.1                 0    250      0 1 i

R3#show ip route | begin resort
Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
B       1.1.1.0 [20/0] via 13.0.0.1, 00:28:39
3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
C       23.0.0.0 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
O       10.0.0.0 [110/2] via 23.0.0.2, 00:48:18, FastEthernet0/1
                 [110/2] via 13.0.0.1, 00:48:48, FastEthernet0/0
13.0.0.0/24 is subnetted, 1 subnets
C       13.0.0.0 is directly connected, FastEthernet0/0

Best wishes,

Keith

And the answer is:

Thanks to you, and your 50+ posts, Bob got his answer. By reading your responses, Bob learned the following:

On R2, the BGP next hop of the best route is still 13.0.0.1, even though the route was learned from R3: R3 does not change the next-hop attribute when it passes a route learned from its eBGP neighbor (R1) on to its iBGP neighbor (R2). Because R2 has two equal-cost OSPF paths to 13.0.0.1 (via 23.0.0.3 and via 10.0.0.1), R2 load-balances traffic to 1.1.1.0/24 over the 10.0.0.0 and 23.0.0.0 networks. The BGP best-path decision was correct; it is the recursive next-hop lookup that split the traffic.

One solution is to have R3 set next-hop-self for updates sent to R2. R2 then sees the next hop as 23.0.0.3, which is directly connected, and all of the traffic is forwarded to R3 as desired.

The update on R3 would look like this:

router bgp 23
 neighbor 23.0.0.2 next-hop-self

This gives R2 the following BGP table:

R2#show ip bgp
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.0/24       23.0.0.3                 0    250      0 1 i
*                   10.0.0.1                 0             0 1 1 i

Another option is to increase the OSPF cost of R2's 10.0.0.0/24 interface, so that the path through R1 is no longer an equal-cost route to 13.0.0.1 (the next hop before the change just made). Whichever fix is used, confirm it on R2 with show ip route 1.1.1.0 and show ip cef 1.1.1.0 and check that only one outgoing interface remains. Also remember that AS-path prepending is only a hint to the neighboring AS; local policy inside AS23, such as the local-preference set on R3, overrides it, as it did here.
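The two-stage decision described above, BGP best path first and then recursive next-hop resolution through the IGP, as an added Python model that is not router output and not IOS code. The BGP paths and the OSPF/connected routes are transcribed from R2's show commands; per-flow CEF load sharing is simplified to "every equal-cost next hop carries traffic", and the RIB after raising the OSPF cost is an assumed result, since the post does not show it.

```python
"""Model of R2's handling of 1.1.1.0/24: choose a BGP best path, then
resolve its next hop recursively through the connected/IGP RIB.

Added illustration, not router output. Paths and routes are transcribed
from the show commands in the post; load sharing is simplified.
"""
import ipaddress


def best_path(paths):
    """Highest local-preference wins, then the shortest AS path (enough of
    the IOS bestpath algorithm to decide this topology)."""
    return max(paths, key=lambda p: (p["local_pref"], -len(p["as_path"])))


def lookup(addr, rib):
    """Longest-prefix match of addr in rib; returns that route's next hops."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), nhs) for p, nhs in rib.items()
            if ip in ipaddress.ip_network(p)]
    if not hits:
        return []
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def resolve(next_hop, rib):
    """Recursive next-hop resolution: follow routes until a connected one is
    reached; returns the set of (adjacent hop, egress interface) pairs."""
    egress = set()
    for nh, intf in lookup(next_hop, rib):
        if nh is None:                       # connected route: hop is on-link
            egress.add((next_hop, intf))
        else:
            egress |= resolve(nh, rib)
    return egress


def egress_interfaces(paths, rib):
    """Interfaces that carry traffic for the best path's next hop."""
    best = best_path(paths)
    return sorted(intf for _, intf in resolve(best["next_hop"], rib))


# R2's non-BGP RIB from "show ip route": connected routes have next hop None;
# 13.0.0.0/24 has two equal-cost OSPF paths.
R2_RIB = {
    "23.0.0.0/24": [(None, "FastEthernet0/1")],
    "10.0.0.0/24": [(None, "FastEthernet0/0")],
    "13.0.0.0/24": [("23.0.0.3", "FastEthernet0/1"), ("10.0.0.1", "FastEthernet0/0")],
}

# R2's two paths for 1.1.1.0/24 before the fix (IOS default local-pref is 100).
BEFORE = [
    {"next_hop": "13.0.0.1", "local_pref": 250, "as_path": [1]},     # via R3, iBGP
    {"next_hop": "10.0.0.1", "local_pref": 100, "as_path": [1, 1]},  # from R1, eBGP, prepended
]

# Fix 1: R3 uses next-hop-self, so the iBGP path now points at 23.0.0.3.
AFTER_NEXT_HOP_SELF = [dict(BEFORE[0], next_hop="23.0.0.3"), BEFORE[1]]

# Fix 2: a higher OSPF cost on R2's FastEthernet0/0 leaves one IGP path to
# 13.0.0.1 (assumed resulting RIB; the post does not show it).
R2_RIB_COSTED = {**R2_RIB, "13.0.0.0/24": [("23.0.0.3", "FastEthernet0/1")]}

if __name__ == "__main__":
    print("before:          ", egress_interfaces(BEFORE, R2_RIB))
    print("next-hop-self:   ", egress_interfaces(AFTER_NEXT_HOP_SELF, R2_RIB))
    print("higher OSPF cost:", egress_interfaces(BEFORE, R2_RIB_COSTED))
```

The model separates the two things Bob conflated: best_path picks the R3-learned route in every case, yet before the fix resolve() returns both of R2's interfaces, because the IGP, not BGP, decides how to reach 13.0.0.1. Either fix collapses the result to FastEthernet0/1. The same split applies to any policy that is supposed to force traffic onto a specific path for inspection or logging: check where the next hop resolves, not just which BGP path won.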

Thanks everyone for all your assistance!    You rock.

Jun 29

Try these questions on for size! Learn all this and much more in the new QoS class – woohoo!

1. Based on the following configuration, what traffic will be policed?
class-map C_MUSIC
match protocol kazaa2
match protocol napster
!
class-map match-any C_WEB
match protocol http
match class-map C_MUSIC
!
policy-map P_WEB
class C_WEB
police 64000
!
interface serial 0/0
service-policy output P_WEB
A. All Kazaa version 2 traffic is policed
B. All Napster traffic is policed
C. All web traffic is policed
D. All Kazaa version 2, Napster, and web traffic is policed
E. No traffic is policed
2. You are configuring a Cisco Catalyst 3550 switch port to trust CoS markings if, and only if, the marking originated from a Cisco IP Phone. In an attempt to perform this configuration, you enter the mls qos trust device cisco-phone command. However, your configuration does not seem to be working properly. Why is the switch not trusting CoS markings coming from an attached Cisco IP Phone?
A. A Cisco Catalyst 3550 switch supports the mls qos trust device cisco-phone command, but the Cisco Catalyst 2950 does not support this command.
B. The mls qos trust cos command is missing.
C. The mls qos trust extend command is missing.
D. The mls qos cos 5 command is missing.
3. You administer a network that transports both voice and interactive video traffic. Since these traffic types are both latency-sensitive, you decide to implement the following configuration. Which statement is true regarding the configuration?
class-map C_VOICE
match protocol rtp audio
class-map C_VIDEO
match protocol rtp video
!
policy-map P_HIGH_PRIORITY
class C_VOICE
priority percent 15
class C_VIDEO
priority percent 35
class class-default
fair-queue
!
interface serial 0/0
service-policy output P_HIGH_PRIORITY
A. The configuration results in three queues, one for the C_VOICE class, one for the C_VIDEO class, and one queue for the class-default class.
B. The configuration results in two queues, one priority queue and one queue for the class-default class.
C. The class-default class uses FIFO as its queuing mechanism for traffic flows within its queue.
D. The two priority queues use WFQ for queuing traffic within those queues.
4. CB-WRED is configured using the random-detect command. Which two of the following statements are true concerning the random-detect command? (Choose 2)
A. The random-detect command cannot be issued for the class-default class.
B. The random-detect command cannot be issued for the priority class(es).
C. The random-detect command must be issued in conjunction with the bandwidth command (with the exception of the class-default class).
D. The random-detect command should be issued in conjunction with the priority command.
5. Consider the following configuration:
class-map TRANSACTIONAL
match protocol http
!
policy-map CBPOLICING
class TRANSACTIONAL
police 128000 conform-action set-dscp-transmit af11 exceed-action set-dscp-transmit af13 violate-action drop
!
interface serial 0/1
service-policy input CBPOLICING
What type of class-based policing configuration is represented by this configuration?
A. Single rate, single bucket
B. Single rate, dual bucket
C. Dual rate, single bucket
D. Dual rate, dual bucket
6. You configure CB-Shaping by issuing the command shape peak 8000 2000 2000. This configuration shapes to what peak rate?
A. 4000 bps
B. 8000 bps
C. 16000 bps
D. 32000 bps
7. You are configuring Multilink PPP (MLP) as your Link Fragmentation and Interleaving (LFI) mechanism for a WAN link. Identify the correct statements regarding the configuration of MLP. (Choose 2)
A. The configuration of Multilink PPP requires at least two physical links (e.g. two serial interfaces).
B. The IP address is removed from any serial interface that makes up the MLP bundle.
C. Any policy-map that was previously assigned to a physical interface should be reassigned to the multilink interface, that the physical interface is associated with, in order for the policy to take effect.
D. The virtual multilink interface does not use an IP address. Rather, it uses the IP unnumbered feature which allows the multilink interface to share an IP address with the multilink bundle member that has the highest IP address.

Jun 28

In the previous MPLS Components post, we discussed the many benefits that MPLS can bring to the network, and we detailed the typical components found in a Layer 3 MPLS VPN design. In this post, we will provide more details for the MPLS components and their important, inner workings. We will make reference to the previous diagram in this post as well:

MPLS Components

When PE1 receives a packet from CE1, it will engage in what we call a Push operation. PE1 is considered the ingress PE router and engages in label imposition. (Notice that we like to speak in fancy terminology here; when we add a label to a packet, it is termed a push or an imposition).

The P routers in the scenario will move the packets by simply swapping labels. How are the labels used in the Label Switch Path (LSP) learned by all of the routers? This is the job of the Label Distribution Protocol, or other existing protocols, but that is for later blog posts.

At the egress PE2 device, we have label disposition, or what we call a Pop of the label. (Fancy language for the removal of the label). If the second to last device in the path removes the label for us, this is termed Penultimate Hop Popping (PHP) and is the default Cisco implementation.

So we have pointed out that our example relies upon the Label Distribution Protocol (LDP) for the assignment of labels through the Label Switch Path (LSP). But how does LDP assign these labels? On what does it base its information?

It turns out that LDP relies upon the underlying IGP to build the best path for the LSP through the network. In fact, it also relies upon the IGP for loop-free pathing.

This relationship between LDP and the IGP has many interesting aspects. For example, if the IGP reconverges on a new best path, so will the LSP through LDP. If there is a loop created or a blackhole situation created by the IGP reconvergence, this will also impact the LSP. Also, consider convergence times. LDP is certainly bound by the convergence time of the underlying IGP. Finally, consider the fact that this reliance brings up the need for inter-AS MPLS mechanisms for LDP.

The last point I want to discuss in this part is the fact that we often have label stacking with MPLS. In the case of our Layer 3 MPLS VPNs in the R&S track, the outer label (or transport label) is used to move the packet through the LSP, while the inner label is used to identify the VPN site. This is often called the VPN label.

Well, I certainly hope you are enjoying the posts on MPLS and there will be many more to come.

Jun 18

Do you want to see how a CCIE would handle a tricky EtherChannel and 802.1X scenario in the lab exam? Subscribers to the Interactive Video Companion for Volume 2 need to log in and watch the new training modules.

These tasks provide great opportunities to analyze task interpretation, diagramming strategy, and DOC-CD utilization during the CCIE lab exam.

Enjoy your studies!

Jun 17

We know from the 5-Day QoS bootcamp that Differentiated Services is one of the three major overall approaches to providing Quality of Service in an enterprise. The other options are Integrated Services and Best Effort.

When we studied Differentiated Services, we saw that the primary marking technology approach was the Differentiated Services Code Point (DSCP) concept. These are the high order 6 bits in the IP packet ToS Byte. But how can MPLS use these markings in order to provide QoS treatment (Per Hop Behaviors (PHBs)) to various traffic forms?

The first major issue to solve is the fact that Label Switch Routers (LSRs) rely solely on the MPLS header when making forwarding decisions. These devices will no longer analyze the IP Header information, thus negating the use of the ToS Byte. This was solved through the creation of the Experimental Bits field in the MPLS header. The IETF has now renamed the field to the Traffic Class field. See RFC 5462.

But now there is another issue. There are 6 bits used for DSCP (providing 64 classifications), while there are only 3 Traffic Class bits (providing a mere 8 classifications).

It turns out there are two approaches to dealing with this issue. If you should happen to require fewer than 8 Per Hop Behaviors, just use the EXP Bits (Traffic Class). In fact, these bits are mapped to IP Precedence by default in Cisco’s implementation, so they should be populated appropriately for QoS classification by default. This approach is called E-LSPs in official MPLS terminology. E stands for EXP-inferred in this case.

The second option is when we need more than 8 classifications in our network. Obviously, the three EXP bits fall far short of providing the necessary markings. In this case, the label itself is used to help mark traffic! In this approach, both the EXP bits and the label are used for the PHB. Typically the marking in the label will assign the congestion management treatment, while the EXP bits will control drop priority. This approach is called L-LSP. Here the L stands for label-inferred.
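The label operations from the Jun 28 post (push at PE1, swap at the P routers, PHP at the penultimate hop, VPN label at the bottom of the stack) and the DSCP-to-EXP collapse described here, as one added Python model that is not part of either post. The router names follow the diagram; the label values 16/17/24 and the LFIB entries are constructed for illustration.

```python
# Added example (not the blog's own code): a minimal Python model of the
# label push / swap / pop (PHP) sequence and the DSCP-to-EXP collapse
# discussed above. Router names follow the diagram (PE1, P1, P2, PE2);
# label values and the LFIB contents are constructed for illustration.

DSCP_AF11, DSCP_AF13, DSCP_EF = 0b001010, 0b001110, 0b101110  # RFC 2597 / 3246

def dscp_to_exp(dscp: int) -> int:
    """E-LSP behaviour: the 3 high-order DSCP bits (IP Precedence) are copied
    into the 3-bit EXP/Traffic Class field, so 64 DSCPs collapse to 8 PHBs."""
    return (dscp >> 3) & 0x7

def shim(label: int, exp: int, bottom: bool, ttl: int = 255) -> int:
    """Encode one 32-bit MPLS shim: 20-bit label | 3-bit EXP | S bit | 8-bit TTL."""
    assert 0 <= label < (1 << 20) and 0 <= exp < 8
    return (label << 12) | (exp << 9) | (int(bottom) << 8) | (ttl & 0xFF)

def decode(word: int) -> dict:
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}

# Constructed LFIB per P router: incoming transport label -> (outgoing label, action).
LFIB = {
    "P1": {16: (17, "swap")},
    "P2": {17: (None, "pop")},   # penultimate hop: PHP strips the transport label
}

def forward(dscp: int, vpn_label: int = 24):
    """Walk one packet PE1 -> P1 -> P2 -> PE2; return (trace, vpn_label, exp)."""
    exp = dscp_to_exp(dscp)
    # Ingress PE1 (imposition): inner VPN label has S=1, outer transport label on top.
    stack = [shim(16, exp, bottom=False), shim(vpn_label, exp, bottom=True)]
    labels = lambda: [decode(h)["label"] for h in stack]
    trace = [("PE1", "push", labels())]
    for router in ("P1", "P2"):
        top = decode(stack[0])
        out_label, action = LFIB[router][top["label"]]  # P routers read only the MPLS header
        if action == "swap":
            stack[0] = shim(out_label, top["exp"], bottom=False, ttl=top["ttl"] - 1)
        else:
            stack.pop(0)
        trace.append((router, action, labels()))
    # Egress PE2 (disposition): only the VPN label remains; it identifies the VPN site.
    vpn = decode(stack.pop(0))
    assert vpn["s"] == 1, "VPN label must be bottom of stack"
    trace.append(("PE2", "pop", labels()))
    return trace, vpn["label"], vpn["exp"]
```

Running forward() with AF11 and AF13 shows both arriving with the same EXP value of 1, which is exactly the loss of granularity that motivates L-LSPs.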

Thanks for reading this blog supplement to the QoS course, and you can expect many more over the coming months. Happy studies!
